[Dovecot] ACL to make mailboxes populated by master account Read Only for regular users.

2013-03-07 Thread Alex Cherniak
We have a solution using Dovecot as a secondary mail archive. All mailboxes
are populated/groomed by master account and the actual users have only read
access.
This is achieved by a simple ACL approach.
dovecot.conf has
 protocol imap { mail_plugins = acl quota imap_quota zlib }
 plugin { acl = vfile:/etc/dovecot/acls:cache_secs=300 }

/etc/dovecot/acls/.DEFAULT file is trivial:
 user=master lrwstipekxa
 owner lr

It used to work with Dovecot 2.0.4 for years, but after upgrade to 2.0.18
users now have full access to folders created by master account and can
delete, add and move mails.

Should it behave this way? How can I "secure" mailboxes again? Any help
is appreciated.


Re: [Dovecot] Proprietary mail storage.

2011-08-31 Thread Alex Cherniak
Thanks, Timo.
Technically, it's not a Maildir, but my plan is to re-create one with
folders containing hard or symbolic links pointing to the real
storage. Is it going to be a problem?

On Wed, Aug 31, 2011 at 10:52 AM, Timo Sirainen wrote:
> On 31.8.2011, at 17.24, Alex Cherniak wrote:
>
>> I have a large existing read-only collection of mails packaged in
>> individual zip files as +. Is it
>> possible (and how difficult) to create a proprietary plugin (like
>> gzip) which will open a zip file, extract mail and pass it back to
>> Dovecot? Where do I start? If plugin is not the right approach, what
>> is?
>
> Is it otherwise a Maildir? If yes, you could base your code on the zlib 
> plugin, or perhaps more easily you could use mail-filter plugin: 
> http://dovecot.org/patches/2.0/mail-filter.tar.gz
>
> With mail-filter you can basically just put the messages through whatever 
> program/script you want which gets the mail as input and outputs the wanted 
> message body. I think the v2.0 mail-filter had some (potential?) bug, v2.1 
> mail-filter is anyway redesigned and should work perfectly.
>
>> Another question is how will this affect Dovecot performance and how
>> to avoid any significant degradation.
>
> I doubt it's going to be a problem.
>
>


[Dovecot] Proprietary mail storage.

2011-08-31 Thread Alex Cherniak
I have a large existing read-only collection of mails packaged in
individual zip files as +. Is it
possible (and how difficult) to create a proprietary plugin (like
gzip) which will open a zip file, extract mail and pass it back to
Dovecot? Where do I start? If plugin is not the right approach, what
is?
Another question is how will this affect Dovecot performance and how
to avoid any significant degradation.
Any help is appreciated. Thanks.


[Dovecot] LDAP Authentication with multiple independent domains

2011-04-15 Thread Alex Cherniak
Is it possible to authenticate users against multiple independent AD domains?
In my dovecot-ldap.conf I entered two hosts:

hosts = host1 host2
auth_bind_userdn = %d\%n
ldap_version = 3
base = cn=users,dc=%d,dc=net
auth_bind = yes

but OpenLDAP seems to stop authentication as soon as the first host
succeeds or fails.
I also tried to configure trust between the two, but it didn't work either.
Please help...


Re: [Dovecot] How to enable COPY and APPEND commands separately

2011-01-24 Thread Alex Cherniak
Thanks for the answers. The solution we are working on is supposed to provide
access to some kind of a Dovecot mail archive exposed to a user as an IMAP
account in Outlook. The idea was to allow users to move messages between
folders, but forbid direct drag-n-drop from the Exchange account.

On Thu, Jan 20, 2011 at 6:53 PM, Timo Sirainen wrote:

>  On 21.1.2011, at 1.51, Alex Cherniak wrote:
>
> > I'd like to allow a user to move messages between his folders on Dovecot
> > IMAP account, but prevent move/copy from different accounts (Exchange in
> > particular).
> > Outlook uses "xx UID COPY 1 folder" and then "xx UID STORE 1 +FLAGS
> > (\Deleted \Seen)" for internal moves and "xx APPEND folder" for external
> > ones.
> > I tried to achieve this with ACL, but i (insert) seems to control both.
> > Am I missing something? Should I look somewhere else?
>
> That would also prevent users from saving messages to Drafts or Sent
> Messages. Unless of course this was a per-folder ACL.
>
> Anyway .. nope, there's no way to do that. Why would you want it? You could
> create a plugin for that though.
>
>


[Dovecot] How to enable COPY and APPEND commands separately

2011-01-20 Thread Alex Cherniak
I'd like to allow a user to move messages between his folders on Dovecot
IMAP account, but prevent move/copy from different accounts (Exchange in
particular).
Outlook uses "xx UID COPY 1 folder" and then "xx UID STORE 1 +FLAGS
(\Deleted \Seen)" for internal moves and "xx APPEND folder" for external
ones.
I tried to achieve this with ACL, but i (insert) seems to control both.
Am I missing something? Should I look somewhere else?
Please help.
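
Added example (not from the original posts or the Dovecot project): a small Python model that checks the IMAP commands quoted in this thread against the rights letters of the .DEFAULT file from the 2013 post, using the right RFC 4314 requires for each command. The precedence rule, the user name `alice` and the second ACL are assumptions constructed for illustration.

```python
import re

# The .DEFAULT file exactly as quoted in the 2013 post on this page.
ACL_DEFAULT = "user=master lrwstipekxa\nowner lr\n"
# Constructed variant (assumption): owner may also flag and insert messages.
ACL_WITH_INSERT = "user=master lrwstipekxa\nowner lrsti\n"

def parse_acl(text):
    """Parse '<identifier> <rights>' lines into {identifier: set of letters}."""
    acl = {}
    for line in text.splitlines():
        fields = line.split()
        if fields:
            acl[fields[0]] = set(fields[1]) if len(fields) > 1 else set()
    return acl

def effective_rights(acl, user, is_owner=True):
    """Simplified precedence (assumption): user=<name> beats owner beats anyone."""
    for ident in (f"user={user}", "owner" if is_owner else None, "anyone"):
        if ident in acl:
            return acl[ident]
    return set()

def required_rights(command):
    """Rights RFC 4314 requires for the IMAP commands quoted in the thread."""
    words = command.split()[1:]                  # drop the tag ("xx")
    if words and words[0].upper() == "UID":
        words = words[1:]
    verb = words[0].upper() if words else ""
    if verb in ("APPEND", "COPY"):
        return {"i"}                             # both insert into the target mailbox
    if verb == "STORE":
        m = re.search(r"\(([^)]*)\)", command)
        flags = {f.lower() for f in m.group(1).split()} if m else set()
        need = set()
        if "\\deleted" in flags:
            need.add("t")
        if "\\seen" in flags:
            need.add("s")
        if flags - {"\\deleted", "\\seen"}:
            need.add("w")
        return need
    if verb == "EXPUNGE":
        return {"e"}
    if verb in ("FETCH", "SEARCH"):
        return {"r"}
    raise ValueError(f"command not modelled: {command!r}")

def allowed(acl_text, user, command, is_owner=True):
    """True if every right the command needs is granted to this session."""
    return required_rights(command) <= effective_rights(parse_acl(acl_text), user, is_owner)
```

With `owner lr` every mutating command is refused, while granting `i` admits COPY and APPEND together, which matches the observation in the post above that the insert right controls both.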


[Dovecot] Permission denied

2010-12-16 Thread Alex Cherniak
After several trouble free months and without any obvious reason our server
just stopped working. I cannot even re-start it:

[r...@dsmail /]# service dovecot start
Starting Dovecot Imap: Can't open log file /var/log/dovecot.log: Permission denied

If I create those manually (touch /var/log/dovecot.log,
.../dovecot_info.log, .. dovecot_debug.log) service starts, but reports an
error in dovecot.log: "Dec 16 14:55:30 master: Error:
symlink(/etc/dovecot/dovecot.conf, /var/run/dovecot/dovecot.conf) failed:
Permission denied" and users still cannot login.

Where do I start troubleshooting?



Below is my dovecot -n:

# 2.0.4: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-128.el5 x86_64 CentOS release 5.5 (Final)
auth_master_user_separator = *
debug_log_path = /var/log/dovecot_debug.log
info_log_path = /var/log/dovecot_info.log
log_path = /var/log/dovecot.log
mail_location = maildir:~/%Ln
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile:/etc/dovecot/acls:cache_secs=300
  quota = maildir:User quota
  quota_rule = *:storage=1G
}
protocols = imap
ssl_cert =